SOAP Basic HTTP authentication with a policy in CTP

Add the following in the services.xml of your AAR service archive:

        <module ref="rampart"/>
        <parameter name="sin.jaas.transport.login.context">Default</parameter>
        <wsp:Policy wsu:Id="BasicAuthPolicy" xmlns:wsp=""
                    <sp:TransportBinding xmlns:sp="">
                    <ramp:RampartConfig xmlns:ramp="">
  • The communication must happen over HTTPS, per the SOAP WS-Security specification.
  • As required by the WS-Security specification, the request to this service should contain a SOAP security header with a timestamp. In SoapUI, see WS-Security (WSS) for API Testing | SoapUI (Timestamp).
  • The MultiLoginPolicyValidatorCallback class makes the connection between the Web Services Stack and the Software AG Security Infrastructure.
  • The “sin.jaas.transport.login.context” parameter points to a JAAS login context defined in /profiles/CTP/configuration/jaas.config. In this example we use the default one, which works with the Software AG internal user store (common/conf/users.xml, common/conf/groups.xml, common/conf/roles.xml). New users can be added by using Reverb; role and group assignment is done by manually editing the corresponding files.
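
A client-side view of the request these notes describe, as an added example that is not from the original page or from Software AG: it builds a SOAP envelope with a `wsse:Security` header containing a `wsu:Timestamp`, attaches HTTP Basic credentials, and refuses any URL that is not HTTPS. SOAP 1.1 is assumed, and the endpoint URL, user, password and payload are constructed placeholders.

```python
import base64
import datetime as dt
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 (assumed)
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-"
WSSE, WSU = WSS + "secext-1.0.xsd", WSS + "utility-1.0.xsd"


def _stamp(t):
    """xsd:dateTime in UTC with millisecond precision."""
    t = t.astimezone(dt.timezone.utc)
    return t.strftime("%Y-%m-%dT%H:%M:%S.") + f"{t.microsecond // 1000:03d}Z"


def build_envelope(payload, now=None, ttl_seconds=300):
    """Wrap payload in a SOAP envelope whose header carries wsse:Security/wsu:Timestamp."""
    now = now or dt.datetime.now(dt.timezone.utc)
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security", {f"{{{SOAP}}}mustUnderstand": "1"})
    ts = ET.SubElement(sec, f"{{{WSU}}}Timestamp", {f"{{{WSU}}}Id": "TS-1"})
    ET.SubElement(ts, f"{{{WSU}}}Created").text = _stamp(now)
    ET.SubElement(ts, f"{{{WSU}}}Expires").text = _stamp(now + dt.timedelta(seconds=ttl_seconds))
    ET.SubElement(env, f"{{{SOAP}}}Body").append(payload)
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def build_request(url, user, password, payload, soap_action="", now=None):
    """Build the POST; refuse to attach Basic credentials to a non-HTTPS URL."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("Basic credentials must only be sent over HTTPS")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    headers = {
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": f'"{soap_action}"',
        "Authorization": f"Basic {token}",
    }
    return urllib.request.Request(url, data=build_envelope(payload, now), headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample values: endpoint, user, password and payload are placeholders.
    ping = ET.Element("{urn:example:constructed}ping")
    req = build_request("https://host.example:8443/services/Demo", "alice", "s3cret", ping)
    print(req.data.decode("utf-8"))
    # urllib.request.urlopen(req) would send it; certificate validation stays on by default.
```

Basic credentials are only base64-encoded, not encrypted, which is why the builder rejects plain HTTP before the header is ever constructed.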